Security, compliance, data residency
Everything you and your security team need to validate Inspire before signing. SOC 2 Type II. PCI DSS Level 1. GDPR-compliant. PDPL-compliant (Saudi). DPDP Act 2023-compliant (India). Annual penetration testing.
Certifications + compliance
Audit reports available under mutual NDA.
SOC 2 Type II
Independent audit by a Big-Four firm. Report renewed annually. Available under NDA.
PCI DSS Level 1
Level 1 service provider for card data handling. Annual ROC.
GDPR
Full GDPR compliance for EU customer data. EU DPO appointed.
PDPL (Saudi Arabia)
Saudi PDPL compliance for GCC deployments. Data resides in AWS Bahrain region.
DPDP Act 2023 (India)
India DPDP Act compliance. Indian DPO appointed. Data resides in Mumbai region.
ISO 27001
In progress. Target certification Q4 2026.
Operational security
Day-to-day security practices.
Annual penetration testing
External red-team engagement annually. Findings tracked to closure within published SLAs.
Quarterly vulnerability scanning
Automated VAPT runs quarterly. Critical findings remediated within 7 days.
Encryption at rest and in transit
TLS 1.3 in transit. AES-256 at rest. KMS-managed keys. Customer-managed keys available.
Least-privilege access
RBAC across all systems. Just-in-time access for production. Quarterly access reviews.
Audit logging
Every administrative and customer-data-access action logged. Logs retained for 7 years.
Incident response
Documented IR plan. Tabletop exercises twice yearly. Customer notification within published SLA.
Data residency
Multi-region deployment options.
GCC
AWS Middle East (Bahrain) me-south-1
EU
AWS Europe (Frankfurt) eu-central-1
India
AWS Asia Pacific (Mumbai) ap-south-1
APAC
AWS Asia Pacific (Singapore) ap-southeast-1
North America
AWS US East (Virginia) us-east-1
LATAM
AWS South America (São Paulo) sa-east-1
Want the audit reports?
Email security@inspiresolutions.aero with your NDA. We'll send the latest SOC 2, pen test summary, and sub-processor list.